Also: Dismantling a 460 Million Euro Crypto Fraud Network

Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week: a look at how Iran’s largest crypto exchange blended privacy, scale and sanctions evasion; Europol and Spanish police dismantled a crypto fraud network that stole 460 million euros; the Resupply stablecoin protocol was exploited for $9.5 million; a Pennsylvania man received an eight-year sentence for running a $40 million Ponzi scheme; and U.S. federal prosecutors uncovered a North Korean crypto theft and employment fraud scam.
How Iran’s Largest Crypto Exchange Blended Privacy, Scale and Sanctions Evasion
Iranian crypto exchange Nobitex can’t catch a break. Days after a $100 million hack, attackers leaked its entire source code. TRM Labs analysts found the code revealed a sophisticated operation designed to bypass sanctions, embed itself in Iran’s banking system and frustrate surveillance.
Nobitex’s architecture included a segmented wallet system to separate hot and cold wallets, but internal routing made lateral movement possible once attackers breached the network. Deep integration with Iran’s domestic payment platforms, such as Shetab and Pay.ir, allowed users to move funds seamlessly between crypto and fiat, bypassing international restrictions.
Privacy was a core design principle. Modules like owshen and zpk introduced transaction obfuscation, stealth addresses and mixing capabilities, aiming to defeat blockchain analytics tools used by U.S. regulators. VIP users could bypass compliance checks entirely, suggesting Nobitex tailored protections for politically sensitive accounts.
Supporting over 25 blockchains, the platform’s cross-chain footprint made tracing funds especially challenging. While encryption and monitoring were widely implemented, critical weaknesses existed, such as plaintext keys in non-production environments, which likely enabled the breach.
Nobitex’s custom matching engine, fraud detection and fiat integrations were modular, making the entire system easily forkable. This increases the risk that similar exchanges could emerge in other sanctioned regions, extending Iran’s financial reach.
Europol, Spanish Police Dismantle Crypto Fraud Network That Stole 460M Euros
Spain’s Guardia Civil, supported by Europol and authorities from Estonia, France and the United States, arrested five people accused of running a vast cryptocurrency investment fraud scam. The group allegedly stole 460 million euros from over 5,000 victims worldwide. Police carried out five searches across Madrid and the Canary Islands. Europol, involved since 2023, coordinated intelligence, provided operational support and sent a crypto specialist to assist Spanish investigators. Authorities believe the network relied on a global web of associates to collect illicit funds through cash withdrawals, bank transfers and cryptocurrency transactions. Investigators suspect the organization set up shell companies and bank accounts in Hong Kong to launder the money via multiple payment gateways and crypto exchanges.
Resupply Stablecoin Exploit Drains $9.5M
Stablecoin protocol Resupply lost $10 million after an attacker manipulated exchange rates tied to cvcrvUSD, a wrapped version of Curve USD staked in Convex Finance. The attacker artificially inflated the cvcrvUSD price by making donations, causing its share value to surge. Resupply’s smart contract, ResupplyPair, used this inflated price to calculate exchange rates. Exploiting the distortion, the attacker borrowed 10 million reUSD, which is Resupply’s native stablecoin, using only one wei of cvcrvUSD as collateral. Analysts said the stolen funds came from the wstUSR market, which the attacker targeted through this borrowing strategy. The attacker later converted the borrowed reUSD into other assets on external platforms to secure profits. Resupply identified the vulnerable contract and has paused it to prevent further exploitation.
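A simplified model of the donation-driven share-price inflation described above, shown beside a guarded version. This is an added example, not Resupply's contract code: the `Vault` model, function names, loan-to-value ratio, guard thresholds and all amounts are assumptions constructed for illustration.

```python
# Simplified integer model (assumption): an ERC-4626-style vault whose share
# price is total_assets / total_shares, and a lender that trusts that price.
WAD = 10**18

class Vault:
    def __init__(self, total_assets, total_shares):
        self.total_assets = total_assets
        self.total_shares = total_shares

    def donate(self, amount):
        # Assets arrive without minting shares, so every share is worth more.
        self.total_assets += amount

    def price_per_share(self):
        return self.total_assets * WAD // self.total_shares

def max_borrow_naive(vault, shares, ltv_bps=9500):
    """Trusts the spot share price, however thin the vault is."""
    value = shares * vault.price_per_share() // WAD
    return value * ltv_bps // 10_000

def max_borrow_guarded(vault, shares, last_price, ltv_bps=9500,
                       min_shares=10**18, max_move_bps=1000):
    """Hypothetical guards: refuse thin vaults and cap price moves per update."""
    if vault.total_shares < min_shares:
        raise ValueError("vault supply too thin to price collateral")
    price = vault.price_per_share()
    ceiling = last_price * (10_000 + max_move_bps) // 10_000
    if price > ceiling:
        raise ValueError("share price moved more than allowed since last update")
    return shares * price // WAD * ltv_bps // 10_000

def demo():
    # Constructed scenario: a nearly empty vault with a single wei of shares.
    vault = Vault(total_assets=1, total_shares=1)
    before = max_borrow_naive(vault, shares=1)
    last_price = vault.price_per_share()
    vault.donate(11_000_000 * WAD)  # donation inflates the share price
    after = max_borrow_naive(vault, shares=1)
    try:
        max_borrow_guarded(vault, 1, last_price)
        guarded = "allowed"
    except ValueError as exc:
        guarded = str(exc)
    return before, after, guarded

if __name__ == "__main__":
    print(demo())
```

In the naive path one wei of collateral goes from supporting no borrowing to supporting millions of units once the vault receives a donation; the guarded path rejects the same request because the share supply is too thin to price.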
Pennsylvania Man Gets Eight Years for $40M Crypto Ponzi Scheme
Dwayne Golden, 57, from Pennsylvania, received a sentence of eight years in prison for running crypto investment scams that defrauded investors of $40 million. Golden and co-conspirators Gregory Aggesen and Marquis Egerton operated EmpowerCoin, ECoinPlus and Jet-Coin between April and August 2017, falsely promising guaranteed returns from overseas digital asset trading. The U.S. Department of Justice said the firms were classic Ponzi schemes, using new investments to repay earlier participants or enrich themselves.
After the scam collapsed, Golden and others tried to obstruct federal investigations by destroying evidence and misleading the Federal Trade Commission and a grand jury. Golden must forfeit $2.46 million in illicit gains. All four defendants pleaded guilty. William White, another conspirator, received a 30-month sentence, while Aggesen and Egerton await sentencing. U.S. Attorney for the Eastern District of New York Joseph Nocella said the fraud exploited interest in cryptocurrency but offered no real services or trading activity.
DOJ Uncovers North Korean Crypto Theft, Employment Fraud Targeting U.S. Firms
The U.S. Department of Justice has charged North Korean nationals with schemes to steal cryptocurrency and sensitive data by posing as American workers (see: US Announces Crackdown on North Koreans Posing as IT Workers).
Prosecutors accused four North Koreans of stealing over $900,000 in cryptocurrency from two companies and laundering it through Tornado Cash and accounts set up with fake Malaysian documents. Investigators seized 29 financial accounts linked to the schemes. North Korea routinely steals cryptocurrency to funnel hard cash into Pyongyang and fund development of weapons of mass destruction. The suspects are at large.